AccessCheck(
     [In] byte[] SecurityDescriptor,
     [In] SafeCloseHandle ClientToken,
     [In] int DesiredAccess,
     [In] GENERIC_MAPPING GenericMapping,
     [Out] out PRIVILEGE_SET PrivilegeSet,
     [In, Out] ref uint PrivilegeSetLength,
     [Out] out uint GrantedAccess,
     [Out] out bool AccessStatus);
        /// <summary>
        /// Evaluates this instance's security descriptor against the caller's token
        /// for the <c>ComRights.EXECUTE</c> right.
        /// </summary>
        /// <param name="clientIdentity">Identity whose token is checked.</param>
        /// <param name="IsAccessAllowed">
        /// Receives the access status reported by the native check. This flag is the
        /// authorization verdict; the native call's own return value only says whether
        /// the check could be carried out.
        /// </param>
        /// <remarks>
        /// A failed DuplicateTokenEx or AccessCheck call is reported by handing a
        /// <see cref="Win32Exception"/> (built from the last Win32 error) to ThrowHelperError.
        /// </remarks>
        private void CheckAccess(WindowsIdentity clientIdentity, out bool IsAccessAllowed)
        {
            if (this.securityDescriptor == null)
            {
                throw Fx.AssertAndThrowFatal("Security Descriptor must not be NULL");
            }

            // Deny first: nothing below can leave the flag set to "allowed" unless
            // AccessCheck itself writes it.
            IsAccessAllowed = false;

            byte[] descriptorBytes = new byte[this.securityDescriptor.BinaryLength];
            this.securityDescriptor.GetBinaryForm(descriptorBytes, 0);

            SafeCloseHandle duplicatedToken = null;
            // Second argument is false -- presumably "ownsHandle", so the raw handle stays
            // owned by clientIdentity and is never closed here. TODO confirm against SafeCloseHandle.
            SafeCloseHandle callerToken = new SafeCloseHandle(clientIdentity.Token, false);

            try
            {
                // A primary token is first copied into an impersonation token before the check.
                // The copy is requested with Query access at Identification level only.
                if (SecurityUtils.IsPrimaryToken(callerToken)
                    && !SafeNativeMethods.DuplicateTokenEx(
                            callerToken,
                            TokenAccessLevels.Query,
                            IntPtr.Zero,
                            SecurityImpersonationLevel.Identification,
                            TokenType.TokenImpersonation,
                            out duplicatedToken))
                {
                    int error = Marshal.GetLastWin32Error();
                    Utility.CloseInvalidOutSafeHandle(duplicatedToken);
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, SR.GetString(SR.DuplicateTokenExFailed, error)));
                }

                // Left zeroed: the requested mask is a specific right, so no generic bits are
                // mapped. NOTE(review): confirm the descriptor's ACEs do not rely on generic rights.
                GENERIC_MAPPING noGenericMapping = new GENERIC_MAPPING();
                PRIVILEGE_SET usedPrivileges = new PRIVILEGE_SET();
                uint usedPrivilegesSize = (uint)Marshal.SizeOf(usedPrivileges);
                uint grantedMask = 0; // written by the call, not consulted afterwards

                SafeCloseHandle tokenToCheck = duplicatedToken ?? callerToken;
                bool checkRan = SafeNativeMethods.AccessCheck(
                    descriptorBytes,
                    tokenToCheck,
                    (int)ComRights.EXECUTE,
                    noGenericMapping,
                    out usedPrivileges,
                    ref usedPrivilegesSize,
                    out grantedMask,
                    out IsAccessAllowed);

                if (!checkRan)
                {
                    int error = Marshal.GetLastWin32Error();
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, SR.GetString(SR.AccessCheckFailed, error)));
                }
            }
            finally
            {
                // Only the duplicate is disposed; callerToken wraps a handle this method did not create.
                if (duplicatedToken != null)
                {
                    duplicatedToken.Dispose();
                }
            }
        }
        /// <summary>
        /// Runs a native access check of the caller's token against this instance's
        /// security descriptor and reports the verdict through <paramref name="IsAccessAllowed"/>.
        /// </summary>
        /// <param name="clientIdentity">Identity whose token is checked.</param>
        /// <param name="IsAccessAllowed">
        /// Set to false up front, then overwritten with the access status returned by AccessCheck.
        /// </param>
        /// <remarks>
        /// When DuplicateTokenEx or AccessCheck returns false, a <see cref="Win32Exception"/>
        /// carrying the last Win32 error is passed to ThrowHelperError.
        /// </remarks>
        private void CheckAccess(WindowsIdentity clientIdentity, out bool IsAccessAllowed)
        {
            if (null == this.securityDescriptor)
            {
                throw Fx.AssertAndThrowFatal("Security Descriptor must not be NULL");
            }

            // Fail closed until the native check says otherwise.
            IsAccessAllowed = false;

            byte[] descriptorBytes = new byte[this.securityDescriptor.BinaryLength];
            this.securityDescriptor.GetBinaryForm(descriptorBytes, 0);

            SafeCloseHandle impersonationCopy = null;
            // Wrapped with false as the second argument (presumably ownsHandle), so the
            // identity's handle is not closed by this method. TODO confirm.
            SafeCloseHandle callerToken = new SafeCloseHandle(clientIdentity.Token, false);

            try
            {
                // Primary tokens are duplicated as Identification-level impersonation tokens
                // with Query access before being handed to AccessCheck.
                if (System.ServiceModel.ComIntegration.SecurityUtils.IsPrimaryToken(callerToken))
                {
                    if (!SafeNativeMethods.DuplicateTokenEx(
                            callerToken,
                            TokenAccessLevels.Query,
                            IntPtr.Zero,
                            SecurityImpersonationLevel.Identification,
                            System.ServiceModel.ComIntegration.TokenType.TokenImpersonation,
                            out impersonationCopy))
                    {
                        int duplicateError = Marshal.GetLastWin32Error();
                        Utility.CloseInvalidOutSafeHandle(impersonationCopy);
                        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(duplicateError, System.ServiceModel.SR.GetString("DuplicateTokenExFailed", new object[] { duplicateError })));
                    }
                }

                GENERIC_MAPPING mapping = new GENERIC_MAPPING();
                PRIVILEGE_SET privilegeSet = new PRIVILEGE_SET();
                uint privilegeSetSize = (uint)Marshal.SizeOf(privilegeSet);
                uint grantedMask = 0; // filled in by the call but not read afterwards

                SafeCloseHandle tokenToCheck = impersonationCopy ?? callerToken;

                // Desired access is the literal 1; the non-decompiled form of this method on
                // the same page passes (int)ComRights.EXECUTE in this position.
                bool checkRan = SafeNativeMethods.AccessCheck(
                    descriptorBytes,
                    tokenToCheck,
                    1,
                    mapping,
                    out privilegeSet,
                    ref privilegeSetSize,
                    out grantedMask,
                    out IsAccessAllowed);

                // A false return means the check itself failed, which is distinct from
                // "access denied" (that case is a true return with IsAccessAllowed == false).
                if (!checkRan)
                {
                    int checkError = Marshal.GetLastWin32Error();
                    throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(checkError, System.ServiceModel.SR.GetString("AccessCheckFailed", new object[] { checkError })));
                }
            }
            finally
            {
                // Release only the token this method created.
                if (impersonationCopy != null)
                {
                    impersonationCopy.Dispose();
                }
            }
        }
 /// <summary>
 /// Checks the caller's token against this instance's security descriptor using the
 /// native AccessCheck call.
 /// </summary>
 /// <param name="clientIdentity">Identity whose token is checked.</param>
 /// <param name="IsAccessAllowed">
 /// Authorization verdict: false until AccessCheck writes its access status into it.
 /// </param>
 /// <remarks>
 /// Native failures (DuplicateTokenEx or AccessCheck returning false) are reported by
 /// passing a <see cref="Win32Exception"/> with the last Win32 error to ThrowHelperError.
 /// </remarks>
 private void CheckAccess(WindowsIdentity clientIdentity, out bool IsAccessAllowed)
 {
     if (this.securityDescriptor == null)
     {
         throw Fx.AssertAndThrowFatal("Security Descriptor must not be NULL");
     }

     // Default to "denied" before any native call is made.
     IsAccessAllowed = false;

     byte[] rawDescriptor = new byte[this.securityDescriptor.BinaryLength];
     this.securityDescriptor.GetBinaryForm(rawDescriptor, 0);

     SafeCloseHandle ownedDuplicate = null;
     // false is presumably ownsHandle: the handle belongs to clientIdentity. TODO confirm.
     SafeCloseHandle borrowedToken = new SafeCloseHandle(clientIdentity.Token, false);

     try
     {
         bool isPrimary = System.ServiceModel.ComIntegration.SecurityUtils.IsPrimaryToken(borrowedToken);
         if (isPrimary)
         {
             // Duplicate as an impersonation token limited to Query access and
             // Identification level; nothing stronger is requested for the check.
             bool duplicated = SafeNativeMethods.DuplicateTokenEx(
                 borrowedToken,
                 TokenAccessLevels.Query,
                 IntPtr.Zero,
                 SecurityImpersonationLevel.Identification,
                 System.ServiceModel.ComIntegration.TokenType.TokenImpersonation,
                 out ownedDuplicate);

             if (!duplicated)
             {
                 // Read the error code immediately, before any other call can overwrite it.
                 int error = Marshal.GetLastWin32Error();
                 Utility.CloseInvalidOutSafeHandle(ownedDuplicate);
                 throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, System.ServiceModel.SR.GetString("DuplicateTokenExFailed", new object[] { error })));
             }
         }

         GENERIC_MAPPING emptyMapping = new GENERIC_MAPPING();
         PRIVILEGE_SET privileges = new PRIVILEGE_SET();
         uint privilegesLength = (uint)Marshal.SizeOf(privileges);
         uint granted = 0; // output of the call, unused afterwards

         SafeCloseHandle subjectToken;
         if (ownedDuplicate != null)
         {
             subjectToken = ownedDuplicate;
         }
         else
         {
             subjectToken = borrowedToken;
         }

         // The desired-access mask is the literal 1 (the non-decompiled listing of this
         // method on the page uses (int)ComRights.EXECUTE here).
         if (!SafeNativeMethods.AccessCheck(rawDescriptor, subjectToken, 1, emptyMapping, out privileges, ref privilegesLength, out granted, out IsAccessAllowed))
         {
             int checkError = Marshal.GetLastWin32Error();
             throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(checkError, System.ServiceModel.SR.GetString("AccessCheckFailed", new object[] { checkError })));
         }
     }
     finally
     {
         // The borrowed token is left alone; only the duplicate is released.
         if (ownedDuplicate != null)
         {
             ownedDuplicate.Dispose();
         }
     }
 }
        /// <summary>
        /// Determines whether the caller's token is granted <c>ComRights.EXECUTE</c> by this
        /// instance's security descriptor.
        /// </summary>
        /// <param name="clientIdentity">Identity whose token is checked.</param>
        /// <param name="IsAccessAllowed">
        /// Initialised to false and then set by AccessCheck; callers should treat this flag,
        /// not the absence of an exception, as the grant/deny decision.
        /// </param>
        /// <remarks>
        /// If DuplicateTokenEx or AccessCheck returns false, a <see cref="Win32Exception"/>
        /// built from the last Win32 error is passed to ThrowHelperError.
        /// </remarks>
        private void CheckAccess(WindowsIdentity clientIdentity, out bool IsAccessAllowed)
        {
            if (this.securityDescriptor == null)
            {
                throw Fx.AssertAndThrowFatal("Security Descriptor must not be NULL");
            }

            // Deny by default.
            IsAccessAllowed = false;

            byte[] serializedDescriptor = new byte[this.securityDescriptor.BinaryLength];
            this.securityDescriptor.GetBinaryForm(serializedDescriptor, 0);

            SafeCloseHandle identificationToken = null;
            // Second argument false: presumably ownsHandle, leaving the handle's lifetime
            // with clientIdentity. TODO confirm against SafeCloseHandle.
            SafeCloseHandle identityToken = new SafeCloseHandle(clientIdentity.Token, false);

            try
            {
                // For a primary token, obtain an impersonation-type copy first. The copy asks
                // for Query access at Identification level and nothing more.
                bool needsDuplicate = SecurityUtils.IsPrimaryToken(identityToken);
                if (needsDuplicate
                    && !SafeNativeMethods.DuplicateTokenEx(
                            identityToken,
                            TokenAccessLevels.Query,
                            IntPtr.Zero,
                            SecurityImpersonationLevel.Identification,
                            TokenType.TokenImpersonation,
                            out identificationToken))
                {
                    int error = Marshal.GetLastWin32Error();
                    Utility.CloseInvalidOutSafeHandle(identificationToken);
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, SR.GetString(SR.DuplicateTokenExFailed, error)));
                }

                // Zeroed mapping: the mask requested below is a specific right.
                // NOTE(review): confirm no ACE in the descriptor depends on generic bits.
                GENERIC_MAPPING mapping = new GENERIC_MAPPING();
                PRIVILEGE_SET privileges = new PRIVILEGE_SET();
                uint privilegesSize = (uint)Marshal.SizeOf(privileges);
                uint grantedMask = 0; // populated by the call, not inspected here

                SafeCloseHandle tokenForCheck = identificationToken ?? identityToken;

                if (!SafeNativeMethods.AccessCheck(
                        serializedDescriptor,
                        tokenForCheck,
                        (int)ComRights.EXECUTE,
                        mapping,
                        out privileges,
                        ref privilegesSize,
                        out grantedMask,
                        out IsAccessAllowed))
                {
                    // The call failed outright; this is not the same as a deny verdict.
                    int error = Marshal.GetLastWin32Error();
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, SR.GetString(SR.AccessCheckFailed, error)));
                }
            }
            finally
            {
                // Dispose only the duplicate created above, on success and failure alike.
                if (identificationToken != null)
                {
                    identificationToken.Dispose();
                }
            }
        }